Merge branch 'from/upstream-develop/tusooa/report-fake' into 'develop'

Report an Object, not a Create Activity

Closes #2986

See merge request pleroma/pleroma!3788
This commit is contained in:
Haelwenn 2022-12-09 14:25:24 +00:00
commit 204fd6faae
8 changed files with 135 additions and 31 deletions

View File

@ -695,20 +695,24 @@ defmodule Pleroma.Web.ActivityPub.Utils do
Enum.map(statuses || [], &build_flag_object/1) Enum.map(statuses || [], &build_flag_object/1)
end end
defp build_flag_object(%Activity{data: %{"id" => id}, object: %{data: data}}) do defp build_flag_object(%Activity{} = activity) do
activity_actor = User.get_by_ap_id(data["actor"]) object = Object.normalize(activity, fetch: false)
%{ # Do not allow people to report Creates. Instead, report the Object that is Created.
"type" => "Note", if activity.data["type"] != "Create" do
"id" => id, build_flag_object_with_actor_and_id(
"content" => data["content"], object,
"published" => data["published"], User.get_by_ap_id(activity.data["actor"]),
"actor" => activity.data["id"]
AccountView.render(
"show.json",
%{user: activity_actor, skip_visibility_check: true}
) )
} else
build_flag_object(object)
end
end
defp build_flag_object(%Object{} = object) do
actor = User.get_by_ap_id(object.data["actor"])
build_flag_object_with_actor_and_id(object, actor, object.data["id"])
end end
defp build_flag_object(act) when is_map(act) or is_binary(act) do defp build_flag_object(act) when is_map(act) or is_binary(act) do
@ -720,12 +724,12 @@ defmodule Pleroma.Web.ActivityPub.Utils do
end end
case Activity.get_by_ap_id_with_object(id) do case Activity.get_by_ap_id_with_object(id) do
%Activity{} = activity -> %Activity{object: object} = _ ->
build_flag_object(activity) build_flag_object(object)
nil -> nil ->
if activity = Activity.get_by_object_ap_id_with_object(id) do if %Object{} = object = Object.get_by_ap_id(id) do
build_flag_object(activity) build_flag_object(object)
else else
%{"id" => id, "deleted" => true} %{"id" => id, "deleted" => true}
end end
@ -734,6 +738,20 @@ defmodule Pleroma.Web.ActivityPub.Utils do
defp build_flag_object(_), do: [] defp build_flag_object(_), do: []
defp build_flag_object_with_actor_and_id(%Object{data: data}, actor, id) do
%{
"type" => "Note",
"id" => id,
"content" => data["content"],
"published" => data["published"],
"actor" =>
AccountView.render(
"show.json",
%{user: actor, skip_visibility_check: true}
)
}
end
#### Report-related helpers #### Report-related helpers
def get_reports(params, page, page_size) do def get_reports(params, page, page_size) do
params = params =

View File

@ -18,9 +18,11 @@ defmodule Pleroma.Web.AdminAPI.Report do
|> Enum.reject(&is_nil(&1)) |> Enum.reject(&is_nil(&1))
|> Enum.map(fn |> Enum.map(fn
act when is_map(act) -> act when is_map(act) ->
Activity.get_create_by_object_ap_id_with_object(act["id"]) ||
Activity.get_by_ap_id_with_object(act["id"]) || make_fake_activity(act, user) Activity.get_by_ap_id_with_object(act["id"]) || make_fake_activity(act, user)
act when is_binary(act) -> act when is_binary(act) ->
Activity.get_create_by_object_ap_id_with_object(act) ||
Activity.get_by_ap_id_with_object(act) Activity.get_by_ap_id_with_object(act)
end) end)

View File

@ -1504,6 +1504,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
reporter_ap_id = reporter.ap_id reporter_ap_id = reporter.ap_id
target_ap_id = target_account.ap_id target_ap_id = target_account.ap_id
activity_ap_id = activity.data["id"] activity_ap_id = activity.data["id"]
object_ap_id = activity.object.data["id"]
activity_with_object = Activity.get_by_ap_id_with_object(activity_ap_id) activity_with_object = Activity.get_by_ap_id_with_object(activity_ap_id)
@ -1515,6 +1516,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
reported_activity: activity, reported_activity: activity,
content: content, content: content,
activity_ap_id: activity_ap_id, activity_ap_id: activity_ap_id,
object_ap_id: object_ap_id,
activity_with_object: activity_with_object, activity_with_object: activity_with_object,
reporter_ap_id: reporter_ap_id, reporter_ap_id: reporter_ap_id,
target_ap_id: target_ap_id target_ap_id: target_ap_id
@ -1528,7 +1530,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
target_account: target_account, target_account: target_account,
reported_activity: reported_activity, reported_activity: reported_activity,
content: content, content: content,
activity_ap_id: activity_ap_id, object_ap_id: object_ap_id,
activity_with_object: activity_with_object, activity_with_object: activity_with_object,
reporter_ap_id: reporter_ap_id, reporter_ap_id: reporter_ap_id,
target_ap_id: target_ap_id target_ap_id: target_ap_id
@ -1544,7 +1546,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
note_obj = %{ note_obj = %{
"type" => "Note", "type" => "Note",
"id" => activity_ap_id, "id" => object_ap_id,
"content" => content, "content" => content,
"published" => activity_with_object.object.data["published"], "published" => activity_with_object.object.data["published"],
"actor" => "actor" =>
@ -1568,6 +1570,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
context: context, context: context,
target_account: target_account, target_account: target_account,
reported_activity: reported_activity, reported_activity: reported_activity,
object_ap_id: object_ap_id,
content: content content: content
}, },
Utils, Utils,
@ -1582,8 +1585,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
content: content content: content
}) })
new_data = new_data = put_in(activity.data, ["object"], [target_account.ap_id, object_ap_id])
put_in(activity.data, ["object"], [target_account.ap_id, reported_activity.data["id"]])
assert_called(Utils.maybe_federate(%{activity | data: new_data})) assert_called(Utils.maybe_federate(%{activity | data: new_data}))
end end

View File

@ -61,7 +61,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
note_obj = %{ note_obj = %{
"type" => "Note", "type" => "Note",
"id" => activity.data["id"], "id" => activity.object.data["id"],
"content" => "test post", "content" => "test post",
"published" => object.data["published"], "published" => object.data["published"],
"actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true}) "actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true})

View File

@ -473,7 +473,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
content = "foobar" content = "foobar"
target_ap_id = target_account.ap_id target_ap_id = target_account.ap_id
activity_ap_id = activity.data["id"] object_ap_id = activity.object.data["id"]
res = res =
Utils.make_flag_data( Utils.make_flag_data(
@ -489,7 +489,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
note_obj = %{ note_obj = %{
"type" => "Note", "type" => "Note",
"id" => activity_ap_id, "id" => object_ap_id,
"content" => content, "content" => content,
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => "actor" =>
@ -504,6 +504,49 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
"state" => "open" "state" => "open"
} = res } = res
end end
test "returns map with Flag object with a non-Create Activity" do
reporter = insert(:user)
posting_account = insert(:user)
target_account = insert(:user)
{:ok, activity} = CommonAPI.post(posting_account, %{status: "foobar"})
{:ok, like} = CommonAPI.favorite(target_account, activity.id)
context = Utils.generate_context_id()
content = "foobar"
target_ap_id = target_account.ap_id
object_ap_id = activity.object.data["id"]
res =
Utils.make_flag_data(
%{
actor: reporter,
context: context,
account: target_account,
statuses: [%{"id" => like.data["id"]}],
content: content
},
%{}
)
note_obj = %{
"type" => "Note",
"id" => object_ap_id,
"content" => content,
"published" => activity.object.data["published"],
"actor" =>
AccountView.render("show.json", %{user: posting_account, skip_visibility_check: true})
}
assert %{
"type" => "Flag",
"content" => ^content,
"context" => ^context,
"object" => [^target_ap_id, ^note_obj],
"state" => "open"
} = res
end
end end
describe "add_announce_to_object/2" do describe "add_announce_to_object/2" do

View File

@ -76,7 +76,7 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
assert response["id"] == report_id assert response["id"] == report_id
assert [status] = response["statuses"] assert [status] = response["statuses"]
assert activity.data["id"] == status["uri"] assert activity.object.data["id"] == status["uri"]
assert activity.object.data["content"] == status["content"] assert activity.object.data["content"] == status["content"]
end end

View File

@ -1100,10 +1100,11 @@ defmodule Pleroma.Web.CommonAPITest do
target_user = insert(:user) target_user = insert(:user)
{:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"}) {:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"})
activity = Activity.normalize(activity)
reporter_ap_id = reporter.ap_id reporter_ap_id = reporter.ap_id
target_ap_id = target_user.ap_id target_ap_id = target_user.ap_id
activity_ap_id = activity.data["id"] reported_object_ap_id = activity.object.data["id"]
comment = "foobar" comment = "foobar"
report_data = %{ report_data = %{
@ -1114,7 +1115,7 @@ defmodule Pleroma.Web.CommonAPITest do
note_obj = %{ note_obj = %{
"type" => "Note", "type" => "Note",
"id" => activity_ap_id, "id" => reported_object_ap_id,
"content" => "foobar", "content" => "foobar",
"published" => activity.object.data["published"], "published" => activity.object.data["published"],
"actor" => AccountView.render("show.json", %{user: target_user}) "actor" => AccountView.render("show.json", %{user: target_user})
@ -1136,6 +1137,7 @@ defmodule Pleroma.Web.CommonAPITest do
test "updates report state" do test "updates report state" do
[reporter, target_user] = insert_pair(:user) [reporter, target_user] = insert_pair(:user)
activity = insert(:note_activity, user: target_user) activity = insert(:note_activity, user: target_user)
object = Object.normalize(activity)
{:ok, %Activity{id: report_id}} = {:ok, %Activity{id: report_id}} =
CommonAPI.report(reporter, %{ CommonAPI.report(reporter, %{
@ -1148,10 +1150,10 @@ defmodule Pleroma.Web.CommonAPITest do
assert report.data["state"] == "resolved" assert report.data["state"] == "resolved"
[reported_user, activity_id] = report.data["object"] [reported_user, object_id] = report.data["object"]
assert reported_user == target_user.ap_id assert reported_user == target_user.ap_id
assert activity_id == activity.data["id"] assert object_id == object.data["id"]
end end
test "updates report state, don't strip when report_strip_status is false" do test "updates report state, don't strip when report_strip_status is false" do

View File

@ -5,6 +5,8 @@
defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
use Pleroma.Web.ConnCase, async: true use Pleroma.Web.ConnCase, async: true
alias Pleroma.Activity
alias Pleroma.Repo
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
import Pleroma.Factory import Pleroma.Factory
@ -27,6 +29,41 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
|> json_response_and_validate_schema(200) |> json_response_and_validate_schema(200)
end end
test "submit a report with a fake Create", %{
conn: conn
} do
target_user = insert(:user)
note = insert(:note, user: target_user)
activity_params = %{
"object" => note.data["id"],
"actor" => note.data["actor"],
"to" => note.data["to"] || [],
"cc" => note.data["cc"] || [],
"type" => "Create"
}
{:ok, fake_activity} =
Repo.insert(%Activity{
data: activity_params,
recipients: activity_params["to"] ++ activity_params["cc"],
local: true,
actor: activity_params["actor"]
})
assert %{"action_taken" => false, "id" => _} =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/reports", %{
"account_id" => target_user.id,
"status_ids" => [fake_activity.id],
"comment" => "bad status!",
"forward" => "false"
})
|> json_response_and_validate_schema(200)
end
test "submit a report with statuses and comment", %{ test "submit a report with statuses and comment", %{
conn: conn, conn: conn,
target_user: target_user, target_user: target_user,